Table of Contents
1. Risk manager round tables filling fast. REGISTER NOW FOR THE SEMINAR
2. Not a member?
3. Record number of survey responses; hard work on analysis is now underway
4. Join the FERMA community on social media
5. Elections to the FERMA board
6. Middle East risk manager joins FERMA as individual member
7. Help with global programmes
8. AMRAE launches new visual identity and publication
9. Ralf Oelssner: a tribute
10. Expert Views
11. Looking at changes for the committees at the European Parliament
12. Future Data Protection Regulation for holding private data?
13. DVS Symposium 2014
Church Building Grants To Assist With New Construction, Additions, And Restor...
FERMA Newsletter #60
1. Newsletter N°60
July 2014
Page 1 FERMA Newsletter N°60 ● July 2014
Looking at changes for the committees at
the EU Parliament
Risk manager round tables filling fast
REGISTER NOW FOR THE SEMINAR
Risk managers who want to take part in the risk manager only round
table discussions at the 2014 FERMA Seminar should register
quickly; the round table numbers are limited, and they are filling
quickly. This is the advice from FERMA’s Project manager Véronique
De Hertogh as she continues the planning for this event. The seminar
will take place on 20 and 21 October at SQUARE in Brussels.
The event will be an exceptional occasion for European risk managers in 2014. It will be both
the scene for the announcement of the results of the 2014 FERMA Risk Management
Benchmarking Survey and the celebration of FERMA’s 40th anniversary with a gala dinner.
p.2
Record number of survey responses; hard work on analysis is
now underway
The 2014 FERMA Risk Management Benchmarking Survey closed on Friday 20 June with a total of 850 replies. This is the highest
number of responses the survey has ever received and it means the results are ever more representative of the views of the
European risk management community.
The survey committee, composed of FERMA board members and representatives of the industry partner organisations,
immediately started to work on analyzing the responses. The results will be revealed at the FERMA Seminar 2014 on 20 and 21
October in Brussels. An independent survey company Toluna collects the responses. p.2
Ralf Oelssner: a tribute
FERMA was sad to learn of the death of Ralf Oelssner, Vice President of FERMA
from 2003 to 2005 and a long serving chairman of DVS. He was 70. He was vice
president of corporate insurance at German airline Lufthansa until his retirement in
2007 and had headed its large insurance and reinsurance captives. p.5
Out of the 751 MEPs newly elected in May for five year terms, 371 are new to
Parliament. The European Parliament is new and fragmented with three main
consequences on EU policies:
No experience yet of working together, which may slow down even more the
legislative process;
Previously ignored political groups may emerge and play an important role;
Reaching a majority may be difficult. The absolute majority is 376 out of 751.
p.6
Also in this Issue...
Letter from Brussels p.3
Join the FERMA
community on social
media
p.3
Elections to the FERMA
board
p.3
Middle East risk
manager joins FERMA
p.4
Expert Views p.5
Future Data Protection
Regulation for holding
private data?
p.6
Knowledge corner p.7
Not a member?
It is not too late to attend the
seminar for free if you are a risk
manager and you have an interest
in European risks. Join your
national association or if you are
not eligible to join a member
association, you can apply for
individual or corporate
membership.
For more info, visit
http://bit.ly/1mMvSA4
2. Page 2 FERMA Newsletter N°60 ● July 2014
Risk manager round tables filling fast
Florence Bindelle
(Continued from front page)
The dinner will take place at the famous Bozar, the Belgians’
fond name for their Palais des Beaux Arts. (www.bozar.be).
The building is an art deco masterpiece by Victor Horta (1861-
1947), which has been intensively renovated and restored to
create what is probably the most prestigious venue for the arts
in Belgium.
Free for FERMA members
The Seminar is free for members of FERMA member associations and FERMA corporate and
individual members, including the gala FERMA 40th anniversary dinner. There are plenty of
reasons to attend :
The programme is designed by and for risk managers
High level networking with experts in risk management
Innovative sessions to share opinions on specific issues and daily work challenges
Results of the European Risk and Insurance report
Moreover Brussels also offers several advantages:
A 10 % discount on Brussels Airlines flights to Brussels; tickets can be booked from the seminar
website;
It takes only 17 minutes by shuttle train from Brussels airport to reach Central Station, which is in
front of the conference venue, SQUARE: low cost and no traffic jams;
All the hotels within 10 minutes walking distance from the Square; no need for taxis;
Reduced rates for hotels through Brussels Booking Desk – but book soon;
For drivers, there are plenty of parking places under SQUARE.
The programme includes two risk managers’ only round table discussions in addition to the presentation of
the survey results and a keynote speech on climate change by Danish television meteorologist Jesper Theilgaard.
Register now at: http://www.ferma.eu/ferma-seminar-2014/
Record number of survey responses; hard work on analysis
is now underway
(Continued from front page)
To encourage participation in the survey, FERMA this year created incentives for national associations and individual risk
managers. SI.Risk, DARIM and Airmic were the three first national associations to reach their target number of responses.
They will each receive €2000 sponsorship from FERMA for their next event.
Says FERMA executive director Florence Bindelle, “This was our most ambitious survey so far, and we are delighted with
the level of response. We assigned our association members quite challenging targets, and many of them devoted great
energy to encouraging their members to participate. Our industry partners in the survey have also been helpful in enlarging
the pool of responses by inviting their clients to respond.”
For individual risk managers, there were six wonderful prizes at stake. The winners who have been chosen at random and
contacted are:
Filip Hofkens: free registration at the FERMA Forum 2015 in Venice;
Régis de Poncins: three free nights’ accommodation at the FERMA Forum 2015 in Venice;
Michele Sollazzo: three free nights’ accommodation at the FERMA Forum 2015 in Venice; and
Bjorn-Erik Simenstad, Irena Pstragowska and Anna Luszpinska one night’s free accommodation for each at the
FERMA Seminar 2014 in Square, Brussels.
3. FERMA Newsletter N°60 ● July 2014
Annemarie Schouw
Letter from Brussels
Page 3
In June we held our general
assembly, approved the risk
management certification project
and elected four board directors.
Since then, we have not been
relaxing! You might be surprised
at the number of projects that
FERMA does with a small team.
Led by our President Julia
Graham, Vice President Michel Dennery, General
Secretary Pierre Sonigo, scientific adviser Marie-
Gemma Dequae and I visited London for a meeting
with the Institute of Risk Management (IRM) and our
British member Airmic. We discussed several
subjects of mutual interest on education issues with
IRM.
At Airmic, we were happy to meet the new Chair
Helen Pope as well as CEO John Hurrell, Technical
Director Paul Hopkin and Kate Wallin, who is leading
Airmic’s initiative for young risk managers, fasttrack.
We were very interested to hear about fasttrack,
which already has 173 members registered, since we
are all looking at ways of supporting new entrants to
the profession. FERMA is also talking with Airmic
about its global programme compliance database
Insight Risk Manager, launched in June, to
investigate how we can work together to benefit the
whole of FERMA’s membership.
The survey has now closed and the hard work of
analysing the results is underway. We were pleased
that thanks to the energetic support of our members,
we received 850 replies, a record number. Some of
them sent personal emails to their members to
encourage their participation. The results will be
announced at the FERMA Seminar on 20-21
October. Please don’t forget that it is free for FERMA
members to come to the seminar – and that includes
any new corporate and individual members.
(www.ferma.eu/ferma-seminar-2014/)
We are working with the European Confederation of
Institutes of Internal Auditing (ECIIA) to update the
guidance on the risk and risk management provisions
of the 8th Company Law directive. We intend that this
document will also be available at the seminar.
Finally, we are looking ahead to 2015 and working on
plans for the next FERMA Forum which will be held
at the Lido, Venice. The conference centre is a
charming building directly overlooking the sea and
Venice, which since the early 1930s has hosted
some of the most famous people of all times as its
guests. The Forum committee has already held its
first meeting.
But on a lovely summer’s day, we do not think only of
work, and so I wish you all happy holidays and a
return full of enthusiasm for our plans and projects.
Florence Bindelle
Join the FERMA community on
social media
FERMA invites you to become part of its growing online community which
is already 5000 strong and growing (3033 followers on Twitter and more
than 2400 members on LinkedIn).
Via its blog, Twitter, Youtube and Slideshare, FERMA regularly publishes
news, insights, interviews and research. Additionally, the FERMA Risk Talk
LinkedIn group provides a platform for risk managers to share their
experience and expertise, exchange ideas and opinions, and look for
advice, solutions and recommendations that were once out of reach.
FERMA 2014 social media strategy has two main objectives:
1. To increase FERMA’s footprint on social media in order to raise
awareness of the organisation among European risk managers
while encouraging the growth of a vibrant online community.
2. For the various FERMA’s online properties and channels to
become the first knowledge and information hub for risk
managers in Europe.
Altogether, FERMA’s online community boasts over 5 000 members and
has been recognised as the best place for European risk managers to stay
up to date and connected to each other. If you have not done it yet, now is
the time to save the blog in your favorites, join the LinkedIn group and
follow @FERMARisk on Twitter.
FERMA project assistant Christel Jaumoulle says, « If risk managers
members want to get more involved, do not hesitate to submit your articles
in English. All risk management content will be welcome and can be
published as a blog on FERMA’s website and broadcast on FERMA’s
social media channels. You’ll find some examples of articles at
http://www.ferma.eu/news »
Additionally, national associations are invited to join AGERS, Airmic,
AMRAE, ANRA, BELRIM, MARM and POLRISK during FERMA’s monthly
communication calls when social content and ideas can be exchanged and
discussed.
See you on Social!
If you have any questions or requests, please contact Christel Jaumoulle
at christel.jaumoulle@ferma.eu
The FERMA general assembly on 26 June elected four directors to
join the board for 2014-2017 and one new substitute They are:
Anna Korbut, vice president of the Russian risk
management association RusRisk,
Carl Leeman of the Belgian association BELRIM;
Cristina Martinez from the Spanish association IGREA; and
Helle Friberg from the Danish association DARIM;
The board substitute is the president of Poland’s POLRISK,
Slawomir Pijanowski.
Elections to the FERMA board
4. FERMA Newsletter N°60 ● July 2014Page 4
Middle East risk manager joins FERMA as individual member
Fady Khawam, senior enterprise risk
manager for ABYAT Megastore Co.
(www.abyatonline.com) , the largest retail
store group in the Middle East, has been
accepted as an individual member of
FERMA and will attend the FERMA
Seminar in Brussels in October. ABYAT,
which sells all types of building materials,
fittings and home furnishings from large
stores in Kuwait, and Saudi Arabia, is now
planning to expand into the United Arab
Emirates, Oman, Europe and elsewhere. It is this expansion
into Europe that encouraged Fady to apply for membership of
FERMA.
“We are going outside our own territory, and risk management
is different from area to area and from country to country. I
wanted to join an association so I can understand how risk
management works in European countries. I had been reading
a lot about FERMA and when it became possible to join as an
individual member, I persuaded my boss that it would be good
for our business,” he explained.
Fady has an insurance background, having studied insurance
sciences and then worked as a broker. Further studies in risk
management, however, interested him so much that he decided
on a change in career. He is now looking forward to attending
the FERMA Seminar in Brussels on 20-21 October and meeting
risk managers from across Europe.
FERMA Executive Director Florence Bindelle says, “We are
delighted to welcome Fady to FERMA. We created individual
and corporate memberships just so that risk managers and
companies from outside Europe can learn about risk
management in Europe. We will also benefit from the exchange
with them.”
Attend the FERMA Seminar 2014 for free: it is
not too late to apply for individual and corporate
membership of FERMA and attend the 2014
FERMA Seminar for free. Risk managers and
companies from outside FERMA member countries
who have an interest in risk management in Europe are eligible.
For more information, visit the FERMA website at http://
bit.ly/1mMvSA4 or contact Christel Jaumoulle at
christel.jaumoulle@ferma.eu
Fady Khawam
The President of AMRAE Gilbert
Canaméras used the occasion of the
association’s Day of the Commissions in
June to announce AMRAE’s new visual
identity and a new publication, Atout Risk
Manager.
In its 20 years, AMRAE has greatly
evolved and diversified. Its structure and organisation have
followed these developments. The association, therefore,
wanted its visual identity to reflect “the vigour, dynamism
and capacity of the risk management of tomorrow.”
Atout Risk Manager is a quarterly review which aims both
to bring together members of the association and engage
with the wider risk management community. The first
edition (in French) is available here: http://www.amrae.fr/
nouvelle-revue-atout-risk-manager
Airmic and AGERS have taken the initiative on global
programmes. At its annual conference in June, Airmic
unveiled Insight Risk Manager, the first compliance
database designed specifically for risk managers. Created in
partnership with Axco, the supplier of global insurance
market information with the support of leading brokers,
Insight Risk Manager currently covers regulations in 30
countries representing 93 per cent of the world’s property-
casualty insurance premiums.
Access to Insight Risk Manager is an Airmic membership
benefit, and FERMA will explore with Airmic ways of making
it available to all member associations.
At AGERS, a working group has now published a 32 page
report International Programmes that gives a broad view of
the subject. Now available in Spanish, AGERS hopes to
have the report translated into English soon.
Help with global programmes AMRAE launches new visual identity
and publication
5. FERMA Newsletter N°60 ● July 2014Page 5
Expert Views
The relationship between business continuity, crisis management
and risk management in building business resilience
Business continuity has been around from its
early disaster recovery roots in the 1980s
through to its present acceptance as a formal
management systems standard by ISO. Risk
management has had a similar heritage from
its initial insurance and loss control days
through to its current eminent position as a
key component of corporate strategy. Crisis
management has by contrast always been
spoken about without ever being formalised -
except arguably by the PR profession.
In the fallout from the global financial crisis of 2007/08, risk
management for a while looked a likely victim. There was a view
in some quarters that conventional risk management had failed to
predict the crisis or provided any effective way of mitigating the
outcomes that emanated from it. This led many organisations to
question their approach to operational risk, seeking an approach
which relied less on theoretical models and more on practical
techniques and understandable solutions.
As a result, there were some changes in the way previously
disparate functions like risk, BCM, crisis communications,
emergency planning and security were viewed. C-Level
executives generally accepted the BCM that premise that in order
to be successful they had to be able to guarantee operational
continuity but saw this was insufficient in its own right. Other
dimensions needed to come into play, such as the tracking of
new risks and an appreciation of how the business contextual
landscape might change in response to these risks.
The idea of adaptability to circumstances as well as continuity of
existing processes was added to the debate and a new term
‘organisational resilience’ entered the corporate lexicon. What
this has meant to traditional business continuity is that it has
become entrenched as a technical specialisation providing a form
of risk treatment, rather than an important way of viewing the total
organisation from the dual perspectives of impact and timeliness.
It is sometimes useful to remind ourselves that the definition of
business continuity management (ISO 22301:2012) is: “a holistic
management process that identifies potential threats to an
organisation and the impacts to business operations those
threats, if realised, might cause. It provides a framework for
building organisational resilience with the capability of an
effective response that safeguards the interests of its key
stakeholders, reputation, brand and value-creating activities”
In other words, if business continuity exists to build organisational
resilience, where does this lead crisis management? The recent
British Standard BS11200 for crisis management reaffirms its
view that BCM is for predictable events, where a fixed response
procedure can be designed, tested and exercised. It contrasts
BCM responses with crisis management situations that are not
predictable, have no documented recovery plan and have the
potential to destroy the organisation. A crisis might not arise from
an operational interruption but would more typically be related to
issues that have a high reputational impact at a strategic level
(like Toyota’s failure to address the US public’s safety concerns).
BS11200 considers BCM to be operational and crisis
management to be strategic but this view is still quite contentious.
The word resilience seems to offer a term most can be content
with, but it is still far from clear that there is a consensus amongst
practitioners as to what resilience really means at a practical
level.
Most accept that resilience is more than continuity. Many argue
that an organisation needs to both successfully manage
disruptive challenges (continuity) and seamlessly handle changes
in the external context in which it operates (adaptability). Some
practitioners believe that resilience largely means the
consolidation of business continuity (operational/tactical) and
crisis management (strategic) concepts.
Others feel that this falls short as a business model because
other members of the wider resilience family (most obviously
security, emergency response and operational risk) are not fully
integrated into this framework. The debate will continue.
Lyndon Bird is Technical Director and board member of the
Business Continuity Institute (BCI). www.thebci.org
Ralf Oelssner: a tribute
As a representative of Lufthansa, Ralf was
elected to the committee of DVS in 1993 and to
the board in 1989. He became its vice-chairman
in 1995 and chairman of the board in 1999. Ralf
was instrumental in the DVS becoming a
member of FERMA. He remained closely
connected with the association after his
retirement from the committees in 2008 and
because of his great services for the
association, he was appointed honorary
member of DVS.
FERMA Secretary General Pierre Sonigo comments, “I got to
know Ralf when he became Vice President of FERMA and
always appreciated his wisdom and deep knowledge of risk
management. He was a true gentleman and a real European.”
Just before his retirement from Lufthansa, Ralf received a
lifetime achievement award from Business Insurance Europe. He
told the publication: "In 1979, when I started in this role, nobody
knew how to spell risk management. It existed, but it was just not
called risk management. Of course we had safety rules,
legislation and the like that was linked to risk management, but
nobody actually called it that. It was just done. If you look at the
bottom line, risk management is nothing else but the application
of common sense" .
Ralf Oelssner
Lyndon Bird
6. Page 6 FERMA Newsletter N°60 ● July 2014
Looking at changes for the committees at the European Parliament
European Affairs
(Continued from front page)
During the month of June, political groups met to negotiate
and form new alliances. A political group must be made up
of 25 MEPs from at least seven Member States. Each main
political group designated a candidate for the European
Commission presidency. According to the EU Treaty, the
EPP (European People’s Party), as the winning party, was
supposed to see its candidate, former Luxembourg prime
minister Jean-Claude Juncker, endorsed by the EU Council,
but EU leaders like Angela Merkel or David Cameron
expressed doubts whether this was a binding rule or not.
Article 17.7 of the Treaty is quite ambiguous, stating that the
European Council shall be “taking into account the elections
to the European Parliament” when proposing a candidate for
President of the Commission. Despite this legal controversy,
Member States endorsed Juncker at the European Summit
on 26/27 June following the results of the European
elections.
On 15 July, the European Parliament confirmed the
proposed candidate and elected Juncker with a strong
majority of 422 votes from a total of 729 cast. He is
scheduled to succeed the incumbent José Manuel
Barroso in November.
On 8 July, the list of Parliamentary committees and their
chairpersons was released after intense weeks of
discussions. Twenty committees will be responsible for
carrying on the legislative work of the European Parliament.
The Economic and Monetary Affairs (ECON) committee is
usually the one in which FERMA has the most interest
related to insurance matters (e.g. IMD2, Solvency 2.) It will
be chaired for the next two and a half years by Italian MEP
Roberto Gualtieri from the second most important political
group S&D (Progressive Alliance of Socialists and
Democrats). Other industry-related committees that we will
also watch carefully include Environment, Public Health and
Food Safety (ENVI), Industry, Research and Energy (ITRE)
and Internal Market and Consumer Protection (IMCO).
The high number of new MEPs means new contacts to be
made and opportunities to identify potential new allies.
Future Data Protection Regulation for holding private data?
The EU regulator is at the final stages to adopt the Data
Protection Regulation which will set up new rules for operators
on how private data must be managed.
In March 2014, the European Parliament strengthened several
requirements such as making the applicable fines for breaching
rules up to €100 million or 5% of annual worldwide turnover
(whichever is greater) when the original proposal of the
European Commission suggested fines “only” up to €1 million
or 2% of annual worldwide turnover.
As usual in the European law making procedure, the text voted
by MEPs is now Parliament's official mandate to start
negotiations with the Council of the EU as soon as Member
States agree on their own negotiating position. A final
agreement between both institutions can be expected before
the end of 2014.
The possession of private data has a cost and
the threat of cybercrime is primarily a concern
for companies who manage a lot of client data.
The upcoming legislation, the increase of data
breaches due to higher reporting combined
with well-informed public opinion ever more
sensitive to data privacy, could mean also
more claims to come for the cyber insurance
industry.
Zero Day
This is an area of uncertainty for the insurance and risk
management community. It is still unclear how carriers will price
and deal with certain type of threats. One good illustration is the
Zero Day concept.
Zero Day threats are defined as the vulnerabilities of a system
that are yet not known by the developer itself. A Zero Day attack
occurs when the vulnerability is exploited.
As in the Heartbleed breach which became known publicly in
April 2014, there tends to be a time window between the
moment when service providers issue bug corrections and the
moment organisations effectively apply the updates and
corrections.
If a claim arises due to the identified breach within this
timeframe, it is not clear whether an insurer could or could not
apply an exclusion for failing to maintain an updated IT
infrastructure.
Cyber insurance policies are commonly underwritten with
exclusions related to the failure to maintain an updated IT
infrastructure, which means having the latest versions available
and/or the last patches applied to correct identified
vulnerabilities. (Continued on page 7)